{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "iOS 13.4 and iPadOS 13.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "tvOS 13.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "watchOS 6.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "Safari 13.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "iTunes for Windows 12.10.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "iCloud for Windows 10.9.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows (Legacy)", "vendor": "Apple", "versions": [{"lessThan": "iCloud for Windows 7.18", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T16:03:47", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211102"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211101"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211103"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211104"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211105"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211106"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211107"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-3895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "iOS 13.4 and iPadOS 13.4"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "tvOS 13.4"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "watchOS 6.2"}]}}, {"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "Safari 13.1"}]}}, {"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "iTunes for Windows 12.10.5"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "iCloud for Windows 10.9.3"}]}}, {"product_name": "iCloud for Windows (Legacy)", "version": {"version_data": [{"version_affected": "<", "version_value": "iCloud for Windows 7.18"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT211102", "refsource": "MISC", "url": "https://support.apple.com/HT211102"}, {"name": "https://support.apple.com/HT211101", "refsource": "MISC", "url": "https://support.apple.com/HT211101"}, {"name": "https://support.apple.com/HT211103", "refsource": "MISC", "url": "https://support.apple.com/HT211103"}, {"name": "https://support.apple.com/HT211104", "refsource": "MISC", "url": "https://support.apple.com/HT211104"}, {"name": "https://support.apple.com/HT211105", "refsource": "MISC", "url": "https://support.apple.com/HT211105"}, {"name": "https://support.apple.com/HT211106", "refsource": "MISC", "url": "https://support.apple.com/HT211106"}, {"name": "https://support.apple.com/HT211107", "refsource": "MISC", "url": "https://support.apple.com/HT211107"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:19.842Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211102"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211101"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211103"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211104"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211105"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211106"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211107"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-3895", "datePublished": "2020-04-01T17:49:54", "dateReserved": "2019-12-18T00:00:00", "dateUpdated": "2024-08-04T07:52:19.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C0F56F52-3A35-4C68-872B-9DC349664260", "versionEndExcluding": "7.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9BD7597B-A879-4CDE-AB4E-B664BFF83138", "versionEndExcluding": "10.9.3", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "82E6396E-8C78-4EED-88EC-B97C9B4C2DA9", "versionEndExcluding": "12.10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "0043E6A5-C84C-4538-A6FB-A64882B0F828", "versionEndExcluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A754595C-30B0-4E62-8ECF-E671F6C3DC57", "versionEndExcluding": "13.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8", "versionEndExcluding": "13.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D72D358-8126-4B3C-97E9-A01731C38D45", "versionEndExcluding": "13.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "29B94B7E-D55C-417C-B2C9-88EB62F11857", "versionEndExcluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con un manejo de la memoria mejorado. Este problema es corregido en iOS versi\u00f3n 13.4 y iPadOS versi\u00f3n 13.4, tvOS versi\u00f3n 13.4, watchOS versi\u00f3n 6.2, Safari versi\u00f3n 13.1, iTunes para Windows versi\u00f3n 12.10.5, iCloud para Windows versi\u00f3n 10.9.3, iCloud para Windows versi\u00f3n 7.18. Un procesamiento de contenido web dise\u00f1ado con fines maliciosos puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria."}], "id": "CVE-2020-3895", "lastModified": "2021-12-01T01:56:22.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-01T18:15:16.350", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211101"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211102"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211103"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211104"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211105"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211106"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211107"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4035", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4451", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.28.4-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Memory corruption triggered by a malicious web content", "id": "1876465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876465"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."], "name": "CVE-2020-3895", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-3895\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3895\nhttps://webkitgtk.org/security/WSA-2020-0005.html"], "threat_severity": "Moderate", "upstream_fix": "webkitgtk 2.28.0"}